We process personal data according to the General Data Protection Regulation (EU 2016/679). Furthermore, we follow good governance and data processing practices when processing information about our users. For further information about GDPR, please visit EUR-Lex.
Data controller is:
Flowrite Oy (3153955-1)
Kaikukatu 4 C
For any questions about our data processing, please reach out to firstname.lastname@example.org.
Information we collect
- Contact details
- Community communications logs
- Service analytics such as your IP address
- Professional/personal identity
- Inputs you use to generate texts
- Texts generated by the service
What do we need your data for?
- Provide you with the Flowrite service.
- Contact you and inform you about company news, such as new updates to the Flowrite service, its terms, as well as interesting news.
- Improve the Flowrite service, for example by collecting analytics or performing surveys.
- Organize our CRM and keep track of who is using our service.
Where do we get your data?
We get information like your name, phone number, and email from you. Other information is usually created and stored in data systems based on your own actions. These include for example communications, submissions, analytics, and surveys.
- We get your contact details when you create an account with Flowrite.
- When you use Flowrite for emails or other text creation.
- We store any communication between us securely at the time of communication.
- Some data is collected by cookies.
Who else gets (some of) your data?
The most important services we use:
- Infrastructure: Google, OpenAI, Hetzner Online
- Communications: Google, Intercom, Mailchimp, Customer.io
- Payments: Stripe
- Others: Zapier (automation), Calendly (scheduling), Mixpanel (analytics), Hotjar (analytics), Typeform (surveys)
How long do we keep your data?
We delete all user data that we are not legally obliged to retain after we no longer have a legitimate use for it. We will also delete user data based on your valid request (See “Your rights and options”)
Who’s responsible for your data?
In order to keep our website services running smoothly, we need some information about you. This information is called “personal data” as it can be used to identify you. Because we collect, use and store your personal data we are a so-called controller of your information. This means, for example, that we are responsible for keeping your personal data safe.
Below we explain in a bit more detail how, why and for how long exactly we have your personal data.
Data we need, the legal basis, and the storage time
First and foremost, we need your contact details to provide some of our services, such as informing you about updates, news, or contacting you regarding your use of Flowrite, as well as keeping track of our users in the first place through our CRM. If you don’t want us to do that, you can of course tell us to stop. In any case, we keep your contact details only for as long as necessary.
- Legal basis for processing: consent, legitimate interest, legal obligation
For communications we use email. The information that is stored depends a lot on yourself and what you choose to write to us about. Please remember that. It may be possible to identify you only from your messages - that is even if you don’t use your whole name in - which makes those messages personal data as well.
- Legal basis for processing: consent, legitimate interest
For the Flowrite service itself we need access to the text you type and generate as well as the emails/messages you are responding to, through, for example, Gmail or other email providers. Without such access, the Flowrite text generation tool will not work.
- Legal basis for processing: consent, legitimate interest, performance of contract
Our service uses some cookies that provide us with analytics. This gives us certain data about how you use our service – such as what type of text is usually processed, what company you represent, and where you are located. This gives us valuable insight into what type of use cases people using our service have, and helps develop Flowrite. User analytics also aid our IT security team in making our service secure.
- Legal basis for processing: Legitimate interest
From time to time we conduct surveys. In these surveys, we may ask you about your use of Flowrite, career, way of working, etc. This helps us to establish different types of professional and personal needs our users may have, and use that information to further develop Flowrite.
- Legal basis for processing: consent, legitimate interest
What is a legitimate interest?
Controller’s - that is: our - legitimate interest is one of six so-called legal bases. At least one of those six is required in order for us to lawfully collect, use and store your data.
We base some of our processing on that legitimate interest. In order for this to work, our interest in processing your data must outweigh your interest for us not to process your data. To figure out if this is the case we have thought about it.
In cases where our processing of your data is based on legitimate interest, it is for us to make our website service and user experience smoother and better serving both parties’ needs. The data we process based on legitimate interest include your contact details, analytics, submissions, and communications. Without these, our provision, and your use, of Flowrite website services would be negatively affected.
You can, however, object to any of our processing of your data if you think it’s not necessary or justified. Please let us know if this is the case at email@example.com and we will consider your request.
Your rights and options
You have the following rights on the data that we hold on you or that any third party we've shared your data with holds on you:
- You may request a copy of all the data
- You may request the deletion of all the data.
- You may request that we correct any incorrect data.
- You may request that we transfer your data directly to another company or entity*
- You may restrict the processing of data e.g. if you need the data kept as evidence for a legal claim. Please see Article 18 of the GDPR for the exact conditions.
- You may object to processing for direct marketing purposes.
- You may revoke your consent at any time, in which case we will seize any further processing of your data and erase it unless we have a justified reason or legal obligation to keep them.
* Which we will do if feasible with reasonable efforts. Please note, that this “right of portability” applies only to the data you have provided to us yourself, and thus may not apply to all the data we have about you.
If you would like to exercise these rights or revoke your consent (if applicable), please send an e-mail to firstname.lastname@example.org. We aim to fulfill these requests within 30 days unless we are overwhelmed by the number of such requests.
After a data deletion request has been fulfilled, your data may survive in backups for some time.
Data transfers outside the EU
Flowrite makes use of an external API, GPT-3, developed by OpenAI and hosted in the United States, which necessitates the transfer of data to the United States. This data includes texts you use Flowrite to respond to, as well as your own texts. OpenAI’s compliance with GDPR data protection rules has been affirmed by way of a contract between Flowrite and OpenAI. OpenAI only processes data in accordance with the European Commission’s Decision C(2010)593 Standard Contractual Clauses for Controllers to Processors.
Some additional data may be moved outside the EU since we do business on a global scale. We have ensured that the service providers we use have in place legitimately sufficient measures that provide safety for the data transferred from the EU. Flowrite constantly monitors the regulatory framework applicable to data transfers outside the EU and takes appropriate measures to ensure the safety of your data.
Last updated on July 13, 2022